// privacy

privacy policy.

plain-english summary of what fizzgig collects, why, who else sees it, and how to get it back or delete it.

last updated: 2026-05-19

who's the controller

fizzgig labs (sole-trader operation, london, uk) is the data controller for everything described here. for any privacy question, email sidekick@fizzgig.ai. we don't have a designated dpo — fizzgig is a small enough operation that the founder handles all data-subject requests personally.

what we collect, and why

email address
why: account identity + magic-link sign-in + transactional emails (beta approval, security alerts)
lawful basis: contract (Art 6(1)(b)) — you can't use fizzgig without an account, and the account needs an email
display name + bio + primary editor (cursor / claude code / etc)
why: dashboard personalisation + product tuning (we look at the editor mix to prioritise integrations)
lawful basis: legitimate interest (Art 6(1)(f)) — you can leave these blank or change them any time
github username (if you signed in with github)
why: display only; never used to query github
lawful basis: consent (Art 6(1)(a)) — given when you chose the github sign-in option
api keys (hashed; we never store the plaintext after creation)
why: authenticating your MCP requests
lawful basis: contract (Art 6(1)(b)) — the key is how fizzgig knows who you are when your AI editor calls
tool run history (which tool, when, finding counts, the audit envelope — but NEVER your raw source code)
why: dashboard history + product analytics (which tools fire most) + debugging
lawful basis: legitimate interest + contract — the dashboard run history is part of the product
user agent + ip country (from request headers)
why: anti-abuse + waitlist deduplication
lawful basis: legitimate interest (Art 6(1)(f)) — minimal, never personally identifying on its own
stripe customer id (once payments ship in phase 3)
why: linking your fizzgig account to your stripe billing
lawful basis: contract (Art 6(1)(b))

what we do NOT collect

  • raw source code you scan — only byte counts + which input slots were filled. the synthesis envelope persisted in tool_runs contains finding summaries with redacted snippets, never the surrounding code.
  • cookies for tracking. our analytics (plausible + vercel analytics) are both cookieless by design — no persistent identifiers in the browser, no cross-site tracking, no consent banner required under uk ico + eprivacy directive guidance.
  • third-party advertising network data. we don't run ads.
  • children's data. fizzgig is a developer tool; if you're under 16, please don't use it.

who else sees your data (sub-processors)

fizzgig uses these third parties to operate. each is listed with what it processes and where it stores data. Article 28 sub-processor disclosure.

  • supabase (us-east aws) — database for profiles, api_keys, projects, tool_runs. data processing agreement: supabase dpa.
  • cloudflare workers (global edge) — runs every tool. workers don't persist your input — they scan + return findings + forward a privacy-safe summary to the audit log.
  • vercel (us / global edge) — hosts the marketing site + dashboard. vercel analytics processes anonymised visit data.
  • resend (us) — sends transactional emails (magic links, beta approvals). access to your email address only.
  • plausible analytics (eu, frankfurt) — cookieless web analytics. no personal data shared.

international transfers are covered by SCCs (Standard Contractual Clauses) where applicable. the eu-us data privacy framework covers us-based sub-processors that participate.

how long we keep it

  • active accounts: while your account exists.
  • tool runs: 12 months rolling, then auto-purged.
  • deleted accounts: profile + api keys hard-deleted immediately. tool_runs anonymised (user_id set to null) and purged within 30 days. invoices (once payments ship) retained for 7 years per uk tax law.
  • waitlist signups: until approved or dismissed, then deleted.

your rights

under uk gdpr you have the right to:

  • access — see what we hold on you. self-service via dashboard / profile → export your data.
  • rectification — correct anything wrong. self-service via dashboard / profile.
  • erasure — delete your account. self-service via dashboard / profile → delete account.
  • portability — get your data in a machine-readable format. the export above returns JSON.
  • restriction, objection, withdraw consent — email sidekick@fizzgig.ai.

if you think we've mishandled your data you can complain to the uk ico. we'd rather you talk to us first — but it's your right to skip us.

cookies

we use a small set of strictly-necessary cookies for authentication (supabase session cookies, prefixed sb-). these are exempt from the consent requirement under the eprivacy directive because the site doesn't function without them.

we do notuse cookies for analytics — both plausible and vercel analytics are cookieless by design. there is no consent banner because there's nothing to consent to.

when this policy changes

we'll update the last updated date at the top and, for any material change, email every active user before it takes effect. policy diff history will live in the repository commit log once we open-source the marketing site.

questions? sidekick@fizzgig.ai — a real person reads every reply.